General

  • Target: 2292-62-0x0000000000400000-0x0000000000425000-memory.dmp
  • Size: 148KB
  • MD5: 7b45b9ff4b354f6c3d00814c7cf145c9
  • SHA1: 5c37100d1d0b1e1f95738ad9444d3b0087adf853
  • SHA256: 1566d0f0b01b50074e9bd94361021769c5e2cb5bde7182ba27bac12d8ff78367
  • SHA512: be572b88b240d769fc5c7bf43f02b3bad02232e86de6ffda2da1c3e87b2b60b4ba36513cb494d255f80e03cd5c4549a3c8f8a6aeff2fcefb59a99ee6275c6598
  • SSDEEP: 3072:ROzIy5XGViztldWl88Yed2DQuIAQvQ+d0aYuRX:Ro2ViztvWlvd2UuIAQvQ+yFuR

Score
10/10

Malware Config

Extracted

  • Family: netwire
  • C2:
    fartgul.duckdns.org:3360
    fartgul.duckdns.org:3369
    fartgul.duckdns.org:4000
    fratful.dynu.net:4000
    fratful.dynu.net:3369
    fratful.dynu.net:3360
    tartful.hopto.org:3360
    tartful.hopto.org:3369
    tartful.hopto.org:4000
    futerty.mooo.com:3369

Attributes

  • activex_autorun: false
  • copy_executable: false
  • delete_original: false
  • host_id: Pay
  • keylogger_dir: %AppData%\Logs\
  • lock_executable: false
  • mutex: KcLLFWch
  • offline_keylogger: true
  • password: Singlesingle1@
  • registry_autorun: false
  • use_mutex: true

Signatures

  • NetWire RAT payload 1 IoCs
  • Netwire family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2292-62-0x0000000000400000-0x0000000000425000-memory.dmp
    .exe windows x86